Security of Software Systems

This post looks at security of software systems in the embedded realm. We are fortunate to have some good recommendations from IEEE on this topic. The first looks at avoiding Software Security Design Flaws. The summary is outlined below:

Earn or give, but never assume, trust. Make sure all data received from an untrusted client are properly validated before processing. When designing systems, be sure to consider the context where code will be executed, where data will go, and where data entering your system come from. Failing to consider these things will expose you to vulnerabilities associated with trusting components that have not earned that trust.

Use an authentication mechanism that cannot be bypassed or tampered with. Such mechanisms are critical to secure designs, but they can be susceptible to various forms of tampering and may be bypassed if not designed correctly. The IEEE Center for Secure Design recommends a single authentication mechanism that leverages one or more factors for each application’s requirements; that it serves as a “choke point” to avoid potential bypass; and that authentication credentials have limited lifetimes, be unforgeable, and be stored so that if the stored form is stolen, it cannot easily be used by the thief to pose as a legitimate user.

Authorize after you authenticate. Authorization should be conducted as an explicit check, even after an initial authentication has been completed. Authorization depends not only on the privileges associated with an authenticated user but also on the context of the request.

Strictly separate data and control instructions, and never process control instructions received from untrusted sources. Lack of strict separation between data and code often leads to untrusted data controlling the execution flow of a software system.

Define an approach that ensures that all data are explicitly validated. Software systems and components commonly make assumptions about data they operate on. It is important to explicitly ensure that such assumptions hold. Vulnerabilities frequently arise from implicit assumptions about data, which can be exploited if an attacker can subvert and invalidate these assumptions.
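Three of the rules above (authorize after authenticating, keep data and control apart, explicitly validate every assumption about data) applied to a frame that a small device receives over a radio link, as an added example in C that is not from this post or from IEEE; the frame layout, the command set and the paired/unpaired role check are assumptions constructed for the example:

```c
/* Added example (not from the post or IEEE): parse a frame from an untrusted
 * link. Assumed layout: [type:1][len:1][payload:len]. Nothing in the frame,
 * including the length it claims, is trusted until each check has passed. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define MAX_PAYLOAD 32

/* Allow-list of control values; anything else is data, never a command. */
enum cmd { CMD_PING = 0x01, CMD_SET_TIME = 0x02, CMD_READ_STEPS = 0x03 };

typedef struct {
    uint8_t type;
    uint8_t len;
    uint8_t payload[MAX_PAYLOAD];
} frame_t;

/* Returns 0 on success, a negative code naming the violated assumption. */
int parse_frame(const uint8_t *buf, size_t buflen, frame_t *out)
{
    if (buf == NULL || out == NULL) return -1;
    if (buflen < 2) return -2;                 /* header must be complete   */
    uint8_t type = buf[0], len = buf[1];
    if (len > MAX_PAYLOAD) return -3;          /* claimed len vs. our buffer */
    if ((size_t)len != buflen - 2) return -4;  /* claimed len vs. bytes seen */
    switch (type) {                            /* control field: allow-list  */
    case CMD_PING:       if (len != 0) return -5; break;
    case CMD_SET_TIME:   if (len != 4) return -5; break;
    case CMD_READ_STEPS: if (len != 0) return -5; break;
    default:             return -6;            /* unknown control value      */
    }
    out->type = type;
    out->len = len;
    memset(out->payload, 0, sizeof out->payload);
    memcpy(out->payload, buf + 2, len);        /* copy only after validation */
    return 0;
}

/* Authorize after authenticate (assumed roles): an authenticated but
 * unpaired session may only ping; state changes need the paired owner. */
int authorized(int authenticated, int paired, uint8_t type)
{
    if (!authenticated) return 0;
    if (type == CMD_PING) return 1;
    return paired;
}
```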

Use cryptography correctly. Cryptography is one of the most important tools for building secure systems. With it one can ensure the confidentiality of data, protect data from unauthorized modification, and authenticate the source of data.

Identify the sensitive data and how they should be handled. One of the first tasks for systems designers is to identify sensitive data and determine how to protect them. Many deployed systems over the years have failed to protect data appropriately. This can happen when designers fail to identify data as sensitive, or when designers do not identify all the ways in which data could be manipulated or exposed.

Always consider the users. The security stance of a software system is inextricably linked to what its users do with it. It is therefore very important that all security-related mechanisms are designed to make it easy to deploy, configure, use, and update the system securely. Remember, security is not a feature that can simply be added to a software system but rather a property emerging from how the system is built and operated.

Understand how integrating external components changes your attack surface. It is unlikely that you will develop a new system without using external pieces of software. In fact, when adding functionality to an existing system, developers often make use of existing components.

Be flexible when considering future changes to objects and actors. Software security must be designed for change; it should not be fragile, brittle, and static. During the design and development processes, the goal is to meet a set of functional and security requirements. However, software, the environments running software, and threats and attacks against software all change over time. Even when security is considered during design, or the framework being used is built correctly to permit run-time changes in a controlled and secure manner, designers still must consider the security implications of future changes.

Wearable Device Security

The second input looks specifically at how to protect very small computing systems such as wearables from cyberattacks. You can read the complete report at Protect Wearable Devices Against Cyberattacks. The two primary points made are:

Authentication matters – really think about how you will authenticate users

Ultimately, code decides what happens, so manage the code base well

We are working constantly in the IoT space, so managing security and access is a big issue for these projects. If security isn’t front and center, then field-deployed devices are all in trouble.